Jihan Ferfess
Marseille
Summary
Cybersecurity professional with demonstrated history of safeguarding digital assets and ensuring compliance with security policies. Known for fostering collaborative team environments and delivering results under pressure. Specializes in risk management and application security, with consistent focus on adaptability and reliability.
Overview
7
7
years of professional experience
1
1
Certification
Work History
Cybersecurity Manager
Deloitte
09.2024 - Current
Application security & secure development lifecycle:
- Conducted analysis of existing SDL processes to identify weaknesses in threat modeling, secure code reviews, automated testing, and security tooling integration.
- Investigated Memory Safety issues (CWE/CVE) impacting OT products, identifying root causes, and proposing security enhancements to mitigate vulnerabilities escaping SDL processes.
- Analyzed existing solutions and best practices covering tools, process and people, including runtime protection mechanisms such as RunSafe’s loadtimefunction, memory-safe coding practices, and memory tagging technologies to address memory safety risks.
IT transformation:
- Define and formalize security policies, dashboards definition and indicators monitoring
- Global project management for IT programs requiring transverse coordination
Physical Security:
- Global project management for physical access control management program
- Coordinated a partnership and learning program between Deloitte and various physical security vendors such as Milestone, Nedap, Legic, Idware...etc.
Senior Cybersecurity Consultant
Deloitte
11.2022 - 09.2024
IT and compliance audits
- Evaluation of cybersecurity maturity/compliance based on recognized standards and regulations (ISO27001, Arrêté du 14 septembre2018)
- Conduct of IT and cybersecurity audits for IT service center of large international group (NIST, ISO27001, ITIL)
- Evaluate access control and segregation of duties (SoD) for critical applications such as mainframe and SAP.
- Review existing access provisioning and deprovisioning processes to identify gaps and recommend improvements for better security and efficiency
- Emergency access management and continuous controls reporting
Senior Cybersecurity Consultant
Ernst & Young (EY)
05.2021 - 09.2022
Risk Analysis and ISMS Implementation:
- Risk Analysis and Compliance Projects: Conducted digital risk analysis and treatment following EBIOS RM method.
- Conducted comprehensive digital risk analysis and risk treatment using EBIOS RM method, identifying and prioritizing risks to establish appropriate security measures.
- Prepared Information Security Management System (ISMS) certifications for french agency, following DISSIP framework established by French Ministry of Interior, to ensure regulatory compliance and robust security posture.
- Monitored and tracked action plans stemming from security audits and risk analysis, ensuring timely implementation of corrective measures and alignment with best practices.
- Implemented ISMS with focus on continuous improvement for Public Key Infrastructure (PKI) security, enhancing protection and validation processes for secure documents such as passports and ID cards.
Data Privacy:
- Conducted Data Protection Impact Assessments (DPIAs) to assess compliance with GDPR requirements, ensuring data protection principles were integrated into new solutions and processes.
Cybersecurity Consultant
Capgemini
04.2018 - 04.2021
Email Protection - DMARC:
- Managed and led DMARC change management program, which helps organizations reduce email misuse such as spam and phishing by providing deployment and monitoring solution for email authentication issues.
- Investigated and documented inventory of legitimate e-mail sending domains and third-party tools.
- Secured all legitimate email sending domains by implementing of SPF and DKIM protocols for authenticating emails sent from legitimate sources and blocking all illegitimate domain use
Data Privacy - GDRP:
- Assessed Privacy by Design and Privacy by Default principles across client's BUs to ensure continuous and complete alignment with GDPR requirements, including legitimacy principles and cross-border data transfer regulations.
- Evaluated and documented initial privacy assessments (IPA), legitimate interest assessments (LIA) as well as internal data transfer agreement in alignment with GDPR requirements.
Business Continuity Plan:
- Implemented Business Continuity Plan (BCP) for 10 critical business areas, establishing recovery strategies and response procedures for effective disaster recovery.
- Documented BCP Strategy for food and transport company covering all critical activities and IT structure.
IAM Project management:
- Managed and monitored multiple Identity and Access Management (IAM) projects roadmaps implementation progress, including CyberArk and Ping ID.
- Conducted regular reviews and audits of IAM policies and procedures to identify areas for improvement.
Education
Executive Program For New Managers - Leadership
HEC Paris
Paris - France05-2025
Specialized Masters (MS) - Expert in Management Control, Audit, and Information Systems Management
Skema Business School
Paris - France01.2018
Computer Engineering - Information Systems
National School of Applied Sciences (ENSA)
Tetouan - Morocco01.2016
LANGUAGES
English
French
Arabic
LINKS
LinkedIn: https://www.linkedin.com/in/jihan-f-36baaa110/
Certification
- EBIOS RM
- AEOS Configuration Level 1
- Netvision Param Hyberviseur
Timeline
Cybersecurity Manager
Deloitte
09.2024 - Current
Senior Cybersecurity Consultant
Deloitte
11.2022 - 09.2024
Senior Cybersecurity Consultant
Ernst & Young (EY)
05.2021 - 09.2022
Cybersecurity Consultant
Capgemini
04.2018 - 04.2021
Executive Program For New Managers - Leadership
HEC Paris
Specialized Masters (MS) - Expert in Management Control, Audit, and Information Systems Management
Skema Business School
Computer Engineering - Information Systems
National School of Applied Sciences (ENSA)
Similar Profiles
Neo MojiNeo Moji
Junior Actuarial Analyst at DeloitteJunior Actuarial Analyst at Deloitte
PRIYANKA PAWAR VADAIGHARPRIYANKA PAWAR VADAIGHAR
AWS DevOps Engineer at DeloitteAWS DevOps Engineer at Deloitte
Richa NandRicha Nand
Senior Associate at DeloitteSenior Associate at Deloitte
Pavani GoudPavani Goud
Technology Analyst at DeloitteTechnology Analyst at Deloitte
Kamal BlancoKamal Blanco
Chauffeur livreur at SAS global active transportChauffeur livreur at SAS global active transport